Threats Tagged 'irs impersonation'

Threat actors are exploiting tax season with numerous campaigns leveraging tax themes to deliver malware, remote monitoring tools, fraud attempts, and credential phishing. Over a hundred campaigns have been observed in 2026, with a notable increase in remote monitoring and management (RMM) payloads. Tactics include impersonating tax agencies, claiming expired documents, and requesting tax filing support. While primarily targeting the United States, campaigns have also been observed in Canada, Australia, Switzerland, and Japan. Notable actors include TA4922, a newly designated threat group delivering malware from the Winos4.0 ecosystem, and TA2730, focusing on credential phishing for financial institutions. Business email compromise actors are also using tax form lures to steal financial and personal data. These campaigns demonstrate the ongoing exploitation of timely and topical themes by cybercriminals to deceive users.

MediumMalwareUnited StatesCanadaAustralia+2#tax scams#bec#valleyrat

During tax season, threat actors exploit the urgency of time-sensitive tax-related emails to trick targets into opening malicious attachments, scanning QR codes, or following link chains. Recent campaigns identified by Microsoft Threat Intelligence use lures around W-2 forms, tax forms, and impersonation of government tax agencies and financial institutions. These campaigns aim to harvest credentials or deliver malware, often using phishing-as-a-service platforms for convincing credential theft and MFA bypass. Notable tactics include using legitimate remote monitoring tools, targeting specific industries and roles like accountants, and employing sophisticated social engineering techniques. The campaigns leverage various file formats, legitimate infrastructure, and multiple user interactions to complicate detection.

MediumMalwareUnited StatesCanadaUnited Kingdom+7#datto#phishing#irs impersonation